Using Passive Vulnerability Scanning during end-of-year IT change freezes
November 17, 2006Many corporations, particularly in the financial industry, impose an end of year "freeze" on all network changes. This means that no new products or systems may be deployed and any exception...
CVSS Scores in Nessus Plugins
November 16, 2006For over a year now, Tenable has been including CVSS base scores in the plugins we write for Nessus as well as Passive Vulnerability Scanner (PVS) to give our customers an objective way to assess th...
Good and Bad uses of Vulnerability Data for IDS Event Correlation
November 13, 2006About once a month, Tenable gets a call from an MSP, IDS vendor or SIM vendor that wants to take the output of a Nessus scan and do "correlation". The concept is to do something more intelli...
Using PVS to detect Corporate policy violations
November 10, 2006Most companies have some sort of policy in place which defines network or computer activities which are considered 'Acceptable computer usage'.  Such policies are often difficult to enforce. ...
Using Nessus 3 for OS X Configuration Auditing
November 3, 2006Nessus 3 users who have subscribed to the Direct Feed service can audit the configurations of many OSes, including OS X. This blog entry will show the basic configuration of an OS X device to allow au...
Upcoming Tenable Webinars
November 3, 2006Tenable continues to offer interesting content. We've added three new presentations and interviews to our list of webinars. Interview with Thomas Ptacek, Founder of Matasano SecurityNovember 28, 200...
Nessus 3.0.4 Available
October 30, 2006Tenable Network Security is pleased to announce the immediate availability of Nessus 3.0.4 which includes changes to the nessusd daemon, specific changes for Nessus 3 running on Windows, specific cha...
Knowing When to Patch
October 27, 2006I was on an enterprise vulnerability management panel at the recent Infosecurity show in NY City. On the topic of patch management, a question was asked about using severity ratings for vulnerabilitie...
Webinar Interview with Richard Bejtlich - Nov 17, 10:00 AM EST
October 25, 2006Tenable will be hosting a series of interview based webinars over the next few months. Our first interview will be with noted network security monitoring expert, Richard Bejtlich of Tao Security. ...
Upcoming Tenable Events and Webinars
October 23, 2006Tenable has many new events between now and January 2007. They are all outlined below. More are being added as we speak, including a series of interviews with leading computer and information security...
Update on Nessus SCADA Checks
October 18, 2006Digital Bond has placed screen shots of the SCADA checks for Nessus under development in their blog. Below is a screen shot of some of the plugins being developed for the new "SCADA" family....
IT Security Compliance Myths
October 17, 2006I've been collecting comments made to me by various Nessus users and Tenable customers about what it means to be compliant. This is by no means scientific, but I only put stuff on this list that I've ...